If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Error message RUNDLL32 in IMAGE. DLL & SUBITHOOK..DLL
What were you doing at the time of the crash.
Submithook is related to malware. IMPORTANT: Before trying to remove spyware, download a copy of LSPFIX from the URL below - some malware can kill your internet connection when it is removed, and this software should get things going for you again: http://www.cexx.org/lspfix.htm IMPORTANT: After obtaining the software below, make sure you check for updates and then run the programmes in safe mode. You can go to the link below to check your system for parasites (supplied by Doxdesk.com): http://inetexplorer.mvps.org/parasite.htm Malware removal (beginners guide): First, go to Control Panel, add/remove programs. Check for malware entries and use the uninstall programs. Second, get AdAware. [..Warning: AdAware is now version 6.181. All previous versions are NO LONGER SUPPORTED and will not be updated...] AdAware is available at www.lavasoft.de. Make sure you check for updates every time you use it. To be most effective, you must run AdAware while Windows is in safe mode, and you must shut down as many suspect processes as possible. This can be tricky, but nothing is impossible. Modern malware uses more than one process, and these processes are 'co-dependent'. In other words, when one processes detects that the other has been shut down, it automatically restarts its sibling, often using a different name. Using Task Manager (ctrl, alt, del) doesn't work because you can only shut down one process at a time. Disable suspect processes using MSCONFIG before booting into safe mode. Use the information at the URL below as a guide: http://www2.whidbey.com/djdenham/Uncheck.htm After you are in safe mode, check to make sure the suspect processes did not start up. Then start AdAware. Make sure 'activate in depth scan' is enabled. Select 'use custom scanning options' and then click on the 'customize' button. Turn on the following scan options - scan within archives, active processes, registry (including deep scan), IE favorites and hosts file. You must also turn on the following option via the 'tweak' button: Cleaning engine: 'automatically try to unregister objects prior to deletion' IMPORTANT: Before letting AdAware delete malware, write down on a piece of paper exactly where the malware is stored. You will need to delete those directories after AdAware has done its work, but ONLY IF IT IS NOT A STANDARD WINDOWS DIRECTORY. After running AdAware, run it again, this time using the option 'select drives/folders to scan'. Click on 'select'. Scan your entire hard drive. Also do the following: Empty your IE cache and your other temporary file folders, eg: c:\windows\temp (if using Windows 98) or C:\Documents and Settings\name\Local Settings\Temp (the path to your temp folder will change depending on your name) - sometimes programmes can be hidden in there - watch out for mysterious *.exe files or *.dll files in those folders. Go to IE Tools, Internet Options, Temporary Internet Files {Settings Button}, View Objects, Downloaded Programme Files. Check for unusual objects there. Go to IE Tools, Internet Options, Accessibility. Make sure there is no style sheet chosen (under User Style Sheet - format documents using my style sheet). If the option is turned on, turn it OFF. It is possible to turn off third party extensions (Enable third-party browser extensions (requires restart) at IE tools, internet options, advanced) to disable *all* plug-ins but troubleshooting will be difficult and it is only a BANDAID. Nothing gets fixed. There is software that depends on 'third party browser extensions" to work, including Acrobat, Microsoft Money, and many other programmes. If you are still having problems: You can go to the link below to check your system for parasites and hopefully identify your problem (supplied by Doxdesk.com): http://inetexplorer.mvps.org/parasite.htm Download and run the latest version of "Cool Web Shredder" http://www.merijn.org/files/CWShredder.exe The more experienced user can try Spybot. Again, it is a free programme which can be downloaded from: http://spybot.eon.net.au/. Warning: it is NOT a good programme for the inexperienced. If you want to use this programme, please get the advice of those more experienced before 'fixing' anything that it finds. Another excellent programme that allows you to examine your system and *create a results log for experts to examine* is HijackThis, available from: http://www.tomcoyote.org/hjt/ An experienced computer technician can use programme such as AutoStart Viewer for in-depth diagnosis: http://www.diamondcs.com.au/index.php?page=asviewer MS have released a limited KB article regarding what they call 'deceptive software'. http://support.microsoft.com/default...b;EN-US;827315 Here is advice specific to: home page hijackings http://inetexplorer.mvps.org/answers.htm#home_page pop-up ads http://inetexplorer.mvps.org/data/popup.htm search engine hijackings http://inetexplorer.mvps.org/answers4.htm#search_engine IMPORTANT: The above programmes are excellent, and a lot of credit goes to those who authored and update the programmes, but they can NOT detect everything that is out there - as time goes on the programmes will become more and more unwieldy if they try to maintain a standard of positive identification for as much spyware as possible, and it will be harder and harder for the programmes to catch everything that is out there. More and more spyware uses RANDOM names as part of their programme making it impossible for positive identification to occur, therefore.... It is VERY IMPORTANT that you learn how to examine your system for potential problems as well as using 'fixit' programme such as AdAware or Spybot. Check your startup folder and MSCONFIG (startup tab). You can also check the following registry keys and edit as appropriate (if you have experience with same). HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Runonce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Runonce The following link will lead you to some Microsoft KB articles about the basics of the Registry and working with it: http://inetexplorer.mvps.org/answers.htm#Registry -- Hyperlinks are used to ensure advice remains current _______________________________________ Sandi - Microsoft MVP since 1999 (IE/OE) http://inetexplorer.mvps.org/ paul wrote: RUNDLL32 caused an invalid page fault in module IMAGE.DLL at 0167:10013783. Registers: EAX=10021649 CS=0167 EIP=10013783 EFLGS=00010202 EBX=00000000 SS=016f ESP=0063f030 EBP=0063f03c ECX=0063f388 DS=016f ESI=0063f389 FS=433f EDX=c16cf300 ES=016f EDI=c0000a04 GS=0000 Bytes at CS:EIP: 8a 27 47 38 c4 74 f2 2c 41 3c 1a 1a c9 80 e1 20 Stack dump: 00000000 bffa19f5 70befe3c 0063fda4 10003250 c0000a04 0063f388 817aa70a 00000010 00000000 49534c43 307b5c44 46364130 2d314641 45323730 6334342d --------------------- EXPLORER caused an invalid page fault in module SUBMITHOOK.DLL at 0167:01524248. Registers: EAX=01524248 CS=0167 EIP=01524248 EFLGS=00010206 EBX=0155ec84 SS=016f ESP=0150f114 EBP=0150f12c ECX=0155ebe8 DS=016f ESI=0155ec48 FS=3f57 EDX=bffc9490 ES=016f EDI=00000000 GS=0000 Bytes at CS:EIP: 08 80 f9 09 7c 1a 80 f9 0a 7e 0a 80 f9 0d 74 05 Stack dump: 01557627 0155e6fc 00000000 00000000 00000000 00000000 0150f168 015576d4 0155e6fc 00000000 00000000 00000000 00000000 00000000 0155ec68 01558bdd if you can help contact me thanks |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Retrieve data from *.nrg image file | Kamesh | General | 1 | June 16th 04 11:05 PM |
retrieving data from *.nrg nero image files! | Kamesh | General | 0 | June 16th 04 04:26 PM |